IT Central Station is now PeerSpot: Here's why

Top 8 Network Detection and Response (NDR)

DarktraceCisco StealthwatchVectra AIArista NDRExtraHop Reveal(x)LogRhythm NetworkXDRBlue HexagonRSA NetWitness Network
  1. leader badge
    The most valuable features of Darktrace are its full capabilities. You have visibility of everything.The NDR is good in their solution and they have NTG for email.
  2. leader badge
    If you are using Darktrace or NAC solutions you can integrate Stealthwatch.StealthWatch lets me see the ports running in and out and the country. It has excellent reporting, telemetry, and artificial intelligence features. With the telemetry, I can set thresholds to detect sudden changes and the alarms go through the PLC parts. I can see all the ports running on that trunk.
  3. Buyer's Guide
    Network Detection and Response (NDR)
    July 2022
    Find out what your peers are saying about Darktrace, Cisco, Vectra AI and others in Network Detection and Response (NDR). Updated: July 2022.
    622,063 professionals have used our research since 2012.
  4. It keeps up with the network traffic, which is a good thing. It provides more context to plain alerts compared to using an older system. So, it helps an analyst reduce the information overload.
  5. When I create a workbench query in Awake to do threat hunting, it's much easier to query. You get a dictionary popup immediately when you try to type a new query. It says, "You want to search for a device?" Then you type in "D-E," and it gives you a list of commands, like device, data set behavior, etc. That gives you the ability to build your own query.
  6. The security features of this solution are the most valuable.It's a wire analytics tool. We use it for isolating and determining issues on our network or applications. It does a lot for crediting the network as opposed to discrediting the network. A lot of people come along and say that it's a network issue. It's always considered to be a network issue, but by using ExtraHop, we can quickly tell them that it's not a networking issue. It's something to do with your application or something at the other end. It could be a database issue. This tool gives us the ability to pinpoint with great accuracy the comings and goings on our network.
  7. What we like most in LogRhythm NetworkXDR is its GUI. The GUI is the best when compared to competitors. For example, there is another SIEM in QRadar and Splunk, and for open source SIEM there is Wazuh and there are other SIEM solutions, but LogRhythm NetworkXDR is more reliable and easier to access. It's easy to use and its display is easy to understand. Learning LogRhythm NetworkXDR is smooth sailing compared to other SIEM solutions.
  8. report
    Use our free recommendation engine to learn which Network Detection and Response (NDR) solutions are best for your needs.
    622,063 professionals have used our research since 2012.
  9. They can provide you very contextual alerts on if something bad is happening—coming into your network or going out of your network. As part of that, they gather a lot of threat intelligence and map your connections against that. The larger benefit is that they give you a risk rating on their findings.
  10. The most valuable feature of RSA NetWitness Network is the single unified dashboard from which you can manage all the different products of RSA. Additionally, the integration with native applications is good.

Advice From The Community

Read answers to top Network Detection and Response (NDR) questions. 622,063 professionals have gotten help from our community of experts.
Giusel - PeerSpot reviewer
IT Engineer at UTMStack

Hi community,

I'm working on a document about the Security Operation Center best practices, and I would like to get your inputs about it.


Robert Cheruiyot - PeerSpot reviewer
Robert CheruiyotHi Giusel, From my little experience, it's always good to have a good working… more »
4 Answers
Rony_Sklar - PeerSpot reviewer
PeerSpot (formerly IT Central Station)

Hello community, 

What are the differences between how NDR and SIEM work? 

What are the pros and cons of each? Is it necessary to have both types of tools?

DK Shrivastava - PeerSpot reviewer
DK ShrivastavaNDR is just analysis of network behaviour and forms a part of SIEM strategy. it… more »
7 Answers

Network Detection and Response (NDR) Articles

Evgeny Belenky - PeerSpot reviewer
Evgeny Belenky
PeerSpot (formerly IT Central Station)
Apr 27 2022
Hi dear community members, Here we go again with a new bi-weekly Community Spotlight where we share with you recent contributions: articles, questions and discussions. Check them out below! Trending Cybersecurity Trends To Look Out For in 2022 Top 5 Network Access Control (NAC) Softw...
Read More »
Ravi Suvvari - PeerSpot reviewer
Ravi Suvvarivery good and valuable information
1 Comment
Netanya Carmi - PeerSpot reviewer
Netanya Carmi
Content Manager
PeerSpot (formerly IT Central Station)
Apr 08 2022
For most companies, whether they are large or small organizations, cyber threats and hacker attacks are a major concern and an ongoing challenge. Since cybersecurity is a critical part of any enterprise IT environment, it is important for software engineers, security, and DevOps professionals to ...
Read More »
Stuart Berman - PeerSpot reviewer
Stuart BermanI agree with many of these observations.  A trend I noticed as a security… more »
1 Comment
Netanya Carmi - PeerSpot reviewer
Netanya Carmi
Content Manager
PeerSpot (formerly IT Central Station)
Apr 06 2022
PeerSpot’s crowdsourced user review platform helps technology decision-makers around the world to better connect with peers and other independent experts who provide advice without vendor bias. Our users have ranked these solutions according to their valuable features, and discuss which features...
Read More »

Network Detection and Response (NDR) Topics

Why is Network Detection and Response important?

The constant increase in volume and complexity of attacks makes it difficult for legacy security tools to keep pace. Detecting known indicators of compromise (IoC) or attack patterns is not enough when cyber criminals seem to always be a step ahead. Organizations need to detect an advanced attack before it becomes a breach.

The enormous volume of data created and traveling across networks provides an ideal hideaway for attackers, whose activities are able to blend in with normal traffic patterns. Thus, attackers can dwell in the network for weeks or months, stealing data in small batches so they aren’t noticed.

Current attack tactics require a solution that can constantly monitor the network to detect abnormal behavior and stop intruders quickly. That’s where network detection and response (NDR) comes in.

Network security typically uses an array of tools for monitoring and intercepting malicious traffic. However, effective network security needs in-depth visibility into the network so they can respond quickly. Network detection and response tools give security teams real-time awareness of network data for quick and meaningful analysis.

NDRs are often integrated as part of broader security solutions, like security information and event management (SIEM) and endpoint detection and response (EDR). Both SIEM and NDR solutions use log analysis to produce high-relevance contextual alerts as part of a whole security solution. This integration gives a comprehensive approach to the attack surface.

What are the key aspects of an NDR solution?

There are several types of Network Detection and Response solutions, and each one is unique. Still, there are key aspects common to all of them. Here is a short list:

  • Machine learning technology analyzes large sets of data to detect threats and make accurate predictions. NDR solutions use machine learning models to detect uncommon patterns; for instance, an unused port suddenly in use, or suspicious activity. By using behavioral analytics, machine learning algorithms can detect a potential threat and prioritize it before sending an alert.
  • Heuristics analyzes the data, looking for suspicious properties. Using heuristics in NDR solutions helps detect unknown threats by identifying abnormal characteristics.
  • Threat intelligence feeds are data streams that provide information on known cyber threats. This information can come from public security repositories or threat lists, or may have been previously identified by the security team. Threat intelligence provides context to NDR solutions so the system can prioritize the alerts by level of risk.
  • Statistical analysis can range from simple URL analysis to analysis of network traffic patterns. Statistical analysis helps determine a baseline of normal behavior the system can use to detect anomalies.
How does NDR enhance your security?

Network detection and response (NDR) solutions enable users to quickly receive threat visibility across an environment. NDR solutions complement other security tools like SIEM (security information and event management) and endpoint detection and response (EDR). Using these technologies together enables the creation of an entire span of visibility.

Network detection and response solutions improve every stage of the threat detection and response process:

  • Detection - NDR solutions collect data across the network and environments, using machine learning analytics to detect threats. Effective NDR solutions incorporate different modeling and deep inspection techniques against both known indicators of compromise (IoC) and unusual behavior.
  • Investigation - NDR gives real-time analytics, which help allow for quick response to threats. It provides contextual intelligence for threat analysis, including supporting legal action by producing information for audits and compliance reports.
  • Response - Since NDR gives information in real-time, security teams can respond more quickly to potential threats. Additionally, effective NDR solutions automate security workflows, improving the security team response. The system prioritizes alerts and automates responses to some threats. Therefore, security teams can focus on the highest-level alerts.
What to Look for in an NDR Solution

Network detection and response (NDR) solutions can be managed, operated or automated.

  • Managed: Managed NDR solutions (or NDR-as-a-Service) combine threat detection techniques with analyses that investigate and respond according to predefined playbooks.
  • Operated: This model offers the technology solution as a package while the company keeps activity logs and provides a security team to respond and recover when necessary.
  • Automated: In this option, the solution is fully automated, without human intervention.

How can you choose the right NDR solution for your company? There are three key parameters you should look when browsing for an NDR solution:

  1. False positives: look at the rate of false positives and false negatives of the system. A high rate of false positives can disrupt network operation. On the other hand, if the system has false negatives, this can lead to attacks passing through.
  2. Machine learning and AI: Check that the system is not entirely dependent on rules. This will give your company more flexibility to adapt to new network conditions.
  3. Does the system enable action? Solutions must enable quick and automated responses. In addition, the system must enable historical recording of network activity, by doing snapshots or logging and log analysis.

Buyer's Guide
Network Detection and Response (NDR)
July 2022
Find out what your peers are saying about Darktrace, Cisco, Vectra AI and others in Network Detection and Response (NDR). Updated: July 2022.
622,063 professionals have used our research since 2012.